Adds common access and security filters for the WordPress REST API (WP REST).
It does the following:
- Sets a cross-domain CORS header for the API to prevent cross-domain errors when accessing from a diffrent domain. By default it allows all domains ("*"). You can set another domain or any array of domains with the "jp_rest_access_cors" filter.
- Allows for requests to the posts route to use the offset filter, without pagination.
- Sets a maximum amount of posts that can be requested at once from the posts endpoint. By default the max is 20, that value can be changed with the "jp_rest_access_max_posts_per_page" filter. Prevents someone from trying to DDOS a site with a lot of posts by requesting a ton of posts_per_page.
This is not a plugin. It's a composer library. Add "shelob9/jp-rest-access": "dev-master" to your site/plugin/theme's composer.json.
-
Allow from any domain This it the dfault behaviour
-
Allow from one domain
add_filter( 'jp_rest_access_cors', function( $domains ) {
return 'http://somedomain.com';
});- Allow from two domains
add_filter( 'jp_rest_access_cors', function( $domains ) {
return array( 'http://somedomain.com', 'http://another_url.com' );
});add_filter( 'jp_rest_access_max_posts_per_page', function( $max_posts ) {
return 5;
}```
### License
Copyright 2014 Josh Pollock. Licensed under the terms of the GNU General public license version 2. Please share with your neighbor.